Bringing Rust to the Pixel Baseband
8 hours ago
- #Pixel Security
- #Rust Integration
- #Memory Safety
- Google has enhanced security on Pixel 9 by mitigating memory-safety vulnerabilities in the modem firmware.
- For Pixel 10, Google integrated a memory-safe Rust DNS parser into the modem firmware to reduce security risks.
- The modem firmware faces increasing threats; e.g., Project Zero achieved remote code execution on Pixel modems.
- DNS is critical for cellular operations and, if implemented unsafely, can lead to vulnerabilities like CVE-2024-27227.
- Hickory-proto was chosen as the Rust DNS library due to its maintenance, test coverage, and community adoption.
- no_std support was added to hickory-proto for bare-metal environments, benefiting other projects.
- Code size from hickory-proto is not optimized for embedded use but was acceptable due to Pixel's memory constraints.
- Rust integration involved defining unit tests and using rustc with Pigweed for build system scalability.
- Allocator and panic handler were implemented via FFI to integrate with existing C/C++ modem firmware.
- Linking Rust code required extracting object files and resolving weak symbol issues with compiler_builtin.
- A Rust function process_dns_response was created to parse DNS responses and call back to C functions.
- Cargo-gnaw was used to generate GN build rules for managing dependencies, ensuring correctness and maintenance ease.
- This project establishes a foundation for future memory-safe code integration in cellular basebands.